2022-01-29 06:23:04 +00:00
|
|
|
# Web discovery wordlists
|
|
|
|
|
|
|
|
|
|
## combined_words.txt
|
|
|
|
|
|
|
|
|
|
Use for: discovering files
|
|
|
|
|
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
|
|
|
|
|
|
|
|
|
|
This list is a combination of the following wordlists:
|
|
|
|
|
|
|
|
|
|
- big.txt
|
|
|
|
|
- common.txt
|
|
|
|
|
- raft-large-words-lowercase.txt
|
|
|
|
|
- raft-large-words.txt
|
|
|
|
|
- raft-medium-words-lowercase.txt
|
|
|
|
|
- raft-medium-words.txt
|
|
|
|
|
- raft-small-words-lowercase.txt
|
|
|
|
|
- raft-small-words.txt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## combined_directories.txt
|
|
|
|
|
|
|
|
|
|
Use for: discovering files and directories
|
|
|
|
|
This list is automatically updated by a github action whenever any of the lists it's composed by is modified.
|
|
|
|
|
|
|
|
|
|
This list is a combination of the following wordlists:
|
|
|
|
|
- apache.txt
|
|
|
|
|
- combined_words.txt
|
|
|
|
|
- directory-list-1.0.txt
|
|
|
|
|
- directory-list-2.3-big.txt
|
|
|
|
|
- directory-list-2.3-medium.txt
|
|
|
|
|
- directory-list-2.3-small.txt
|
|
|
|
|
- raft-large-directories-lowercase.txt
|
|
|
|
|
- raft-large-directories.txt
|
|
|
|
|
- raft-medium-directories-lowercase.txt
|
|
|
|
|
- raft-medium-directories.txt
|
|
|
|
|
- raft-small-directories-lowercase.txt
|
|
|
|
|
- raft-small-directories.txt
|
2022-09-11 20:29:45 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
|
## WEB-INF-dict.txt
|
|
|
|
|
Use for: discovering sensitive j2ee files exploiting a lfi
|
|
|
|
|
|
|
|
|
|
References:
|
|
|
|
|
|
|
|
|
|
- https://gist.github.com/harisec/519dc6b45c6b594908c37d9ac19edbc3
|
|
|
|
|
- https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/generic/generic-j2ee-lfi.yaml
|
|
|
|
|
- https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
|
|
|
|
|
|
